ldapusrmgr-software Mailing List for LDAP User Management for the Web
A LDAP User Management System
Status: Abandoned
Brought to you by:
nobull
Menu
▾
▴
ldapusrmgr-software — General Discussion
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(4) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Curtis R. <cu...@ou...> - 2003-05-29 20:13:46
|
For reference ----- Forwarded message from curtis ----- To: Ugo Viti <u....@i-...> Subject: Re: LDAP User Manager Hello, I see your problem. The UM_groups[] array is supposed to be pointed to a Posix group. Usermanager looks for the user (root) in the memberuid attribute in the groups specified to grant access. For example (ldif): dn: cn=admin,ou=group,dc=i-synapse,dc=it objectClass: top objectClass: posixGroup cn: admin description: Admin group memberuid: root gidnumber: 5000 On Thu, May 29, 2003 at 09:01:01PM +0200, Ugo Viti wrote: > Hi! > > I'm trying to use your very useful software, but i've a little problem after web > login... > > I'm logging in as 'root' user and i receive the folloving message: > > ERROR: User (root) does not have access to the site. > > I configured correctly ldap server and php files of LDAP User Manager, but this > problem persist. > > This is the output of ldif of user root: > --------------- > dn: uid=root,ou=People,dc=i-synapse,dc=it > uid: root > cn: root > sn: root > mail: ro...@i-... > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > objectClass: shadowAccount > shadowLastChange: 12156 > shadowMax: 99999 > shadowWarning: 7 > loginShell: /bin/bash > uidNumber: 0 > gidNumber: 0 > homeDirectory: /root > gecos: root > --------------- > > In UM_config.inc.php i added the following line: > > $UM_groups[] = "cn=root,ou=People,dc=i-synapse,dc=it;root_grp"; > > For your info in attachment i submited the UM_config.inc.php > > Thanks very much for your time and help. > > Regards > > -- > Ugo Viti > Linux Red Hat Certified Engineer > Synapse Snc di Marco Pancini & C. > via Martiri di Civitella, 3 - 52100 Arezzo > cel. 348 8714731 - tel. 0575 324772 - fax. 0575 324772 > P.IVA 01740760515 -- Curtis Robinson cro...@fi... |
|
From: Curtis R. <cu...@ou...> - 2003-03-18 14:29:08
|
For reference:
----- Forwarded message from curtis -----
To: Markus Dejmek <je...@us...>
Subject: Re: ldap user manager
Yea. It is the chicken & egg problem. hehe.
Fill in <> brackets
Starter User LDIF:
dn: uid=firstuser,ou=people,dc=oushi,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: shadowAccount
uid: firstuser
gecos:<fullname>
cn:<fullname>
description:If you see this, then run
sn:<lastname>
homedirectory:/home/firstuser
uidnumber:1000
gidnumber:1000
loginshell:/bin/bash
userpassword:{CRYPT}<run slappasswd -h {CRYPT}>
(NOTE: Make sure this group has access in UM_config.inc.php)
Starter Group LDIF:
dn: cn=stdadmin,ou=group,dc=oushi,dc=org
objectclass: top
objectclass: posixGroup
cn:admin
description: Std Admin Group for oushi.org
gidnumber:10001
memberUid: firstuser
On Mon, Mar 17, 2003 at 04:54:14PM -0800, Markus Dejmek wrote:
> Hi nobull !
>
> I have the same question like many people before me.
> I have installed it, and now I can't login.
> I know that this happens because there is now user
> in ldap. But this is a kind of egg before hen or hen befor
> egg problem.
> If I can't not login I can't never create a user in ldap.
> Do you have a working ldif !? I would be pleased If you send
> me one.
> Also would be fine to pack a ldif in the tar ball. With an
> existing admin user!
>
> thanks for helping me !!
> please reply to ma...@de...
>
> thanks
> markus
--
Curtis Robinson
cro...@fi...
----- End forwarded message -----
--
Curtis Robinson
cro...@fi...
|
|
From: Curtis R. <cu...@ou...> - 2002-10-22 14:01:37
|
Ok, let me explain the design of the $UM_groups and $UM_group_base. $UM_groups defines the acl levels for the specified group in LDAP. By looking up the group name by cn=<group> and looking at the attributes (uniquemember or memberuid attribute) in the group entry. For example, you have defined: $UM_groups[] = "root,read_grp"; $UM_group_base = "ou=group,o=mu"; So, when a user (user1) logs in it searches the $UM_groups for the propriate permissions. It would then look in root group (cn=root,ou=group,o=mu) for the existance of the memberuid=user1 or uniquemember=uid=user1,$UM_people_base. If it finds the user is in the group (cn=root), then it lets the user1 account log in. On Tue, Oct 22, 2002 at 09:51:29AM -0400, Howard Bagcat wrote: > curtis, > > Greetings! > > im workin on installing your usermanager and i end up having this problem: > > ERROR: Could not get a list of groups the user (user1)... > > i guess this is something to do with group setting in /include/UM_config.inc.php. here's my settings: > > $UM_groups[] = "root,read_grp"; > $UM_group_base = "ou=group,o=mu"; > > in my ldap directory, i have a user named as root. here's my slapd.conf & slapd.access.conf setings for > ou=group > > slapd.conf > access to * > by dn="uid=root,ou=Group,o=mu" write > by * read > > slapd.access.conf > access to dn=".*,ou=Group,o=mu" > by * read > > any hints and suggestion? thanks > > > H o w a r d R. B a g c a t > WebAdmin, MUWeb - Edition 4 Project <http://www.mu.edu.ph> > Systems Programmer, RBT/RBK & MUMC Project > Misamis University.Ozamiz City.Philippines > tel: 088.521.0367.local.109 | cel: 63.0919.5536179 > > Imagination is more important than knowledge > -Albert Einstein > > > Sulat @MU v.2.0.0 > ....................................................................................... > An extended module for MUWeb4 Project of Howard R. Bagcat > Powered by GNU General Public License softwares. > > http://my.mu.edu.ph - a personalized portal is soon to come. > > -- Curtis Robinson cro...@fi... |
|
From: Curtis R. <cu...@ou...> - 2002-10-07 12:16:53
|
To: Anthon Walters <an...@ws...>
Subject: Re: Usermanager
Yes, should look like that except for one part.
> dn: cn=stdadmin, ou=Group, dc=nghs, dc=kzn, dc=school, dc=za, o=NGHS
> objectClass: top
> objectClass: inetorgperson
> cn: stdadmin,root_grp
^^^^^^^^^
This is only for the configuration file (UM_config.inc.php).
> Thanks a lot for the prompt reply. I'll try this. So it would appear as if
> you should have a dn such as this:?
>
> dn: ou=Group, dc=nghs, dc=kzn, dc=school, dc=za, o=NGHS
> ou: Group
> objectClass: top
>
> dn: cn=stdadmin, ou=Group, dc=nghs, dc=kzn, dc=school, dc=za, o=NGHS
> objectClass: top
> objectClass: inetorgperson
> cn: stdadmin,root_grp
>
> ?
>
> Regards
> Anthon
--
Curtis Robinson
cro...@fi...
----- End forwarded message -----
--
Curtis Robinson
cro...@fi...
|
|
From: Curtis R. <cu...@ou...> - 2002-10-07 01:49:34
|
From the UM_config.inc.php, details what groups have what access to the Usermanager. ie. cn=admin,<group base>. It searches the group base and looks in the groups which matches to the ACLs in UM_config.inc.php and the user is in the group (memberuid=<uid>). For example: User 'admin' (uid=admin,ou=people,dc=company,dc=com) belongs to several groups. One of the groups gives the user access to the Usermanager (cn=stdadmin,ou=groups,dc=company,dc=com) from the ACL config options in UM_config.inc.php ($UM_groups[] = "stdadmin,root_grp";). The group searching does not search beyond the group base defined. I hope that explains things. On Mon, Oct 07, 2002 at 12:11:49AM +0200, Anthon Walters wrote: > Hi there, > > I'm trying to install your Usermanager interface to LDAP. > > Could you you give me a sample of the "group" DN that needs to be present in > the LDAP tree in order for a user to log in. I am able to log in but then > get the error "ERROR: User (anthon) does not have access to the site." > instead of the menu. > > My UserDN corresponds with the sample in the INSTALL FAQ. I am not a > programmer which makes it very difficult to interpret the PHP. > > Any help is much appreciated. > > Regards > Anthon Walters > South Africa > -- Curtis Robinson cro...@fi... |
|
From: Curtis R. <cu...@ou...> - 2002-10-07 00:49:15
|
Right now. It searches the people base for the user by matching uid attribute. I have someone fixing it to allow depth searching for finding the user, but it isnt incomporated, yet. On Sun, Oct 06, 2002 at 07:35:11AM -0700, M L wrote: > Greetings... > > I'm new to LDAP and I'm trying to spin up your > usermanager. > > Looks like some quality work. > > I'm stumped at logging in however. I have my ldap > server admin password - but I don't know what the > user login is - when it pops up the basic auth box - > I don't know what to enter. > > Thanks in advance for any help you can lend. > > Mike -- Curtis Robinson cro...@fi... |
